Recorded live on January 19, 2019 at LevelUp 0x03.
Learn more: www.bugcrowd.com/resources/ev...
Join Bugcrowd: bit.ly/invitesplz
Have a question related to this talk? Post it on our forum: forum.bugcrowd.com/t/levelup-...
Abstract:
"As an industry, we are always looking for ways to sharpen our skills. We have education, certifications, and mentorship programs. A staple at Defcon as well as most other conferences is the Capture the Flag (CTF) competitions. As a blue teamer, in an effort to sharpen my skills, I started downloading CTF VMs and working through them. For more applicability, I started applying these concepts to things outside the CTF for bug bounties, but to no avail.
As luck would have it, I left Burp on and logged in to configure my lab wireless router to use for testing and learning wireless hacking. While the antennae that I bought to attack wireless were being used, they weren’t being used in the same sense of attack. I logged into the router and noticed several vulnerabilities in the router’s authentication scheme. This presentation breaks down the concepts of the CTF and how I applied them through the research and responsible disclosure process.
"
Follow us on Twitter: / bugcrowd